From: Victor Julien <victor@inliniac.net>
Date: Wed, 12 Mar 2014 21:52:00 +0000 (+0100)
Subject: TLS: register patterns for tls-alerts
X-Git-Tag: suricata-2.0.1rc1~90
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb3a9d30769a366a015783dc1de4a2d32899aeb5;p=thirdparty%2Fsuricata.git

TLS: register patterns for tls-alerts

Register patterns for when server has an alert as the first message.
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 53672803cf..2d42c4aef2 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1090,6 +1090,11 @@ static int SSLRegisterPatternsForProtocolDetection(void)
 
     /***** toclient direction *****/
 
+    if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+                                               "|15 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
+    {
+        return -1;
+    }
     if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
                                                "|16 03 00|", 3, 0, STREAM_TOCLIENT) < 0)
     {
@@ -1102,6 +1107,11 @@ static int SSLRegisterPatternsForProtocolDetection(void)
     }
 
     /** TLSv1 */
+    if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+                                               "|15 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
+    {
+        return -1;
+    }
     if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
                                                "|16 03 01|", 3, 0, STREAM_TOCLIENT) < 0)
     {
@@ -1114,6 +1124,11 @@ static int SSLRegisterPatternsForProtocolDetection(void)
     }
 
     /** TLSv1.1 */
+    if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+                                               "|15 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
+    {
+        return -1;
+    }
     if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
                                                "|16 03 02|", 3, 0, STREAM_TOCLIENT) < 0)
     {
@@ -1126,6 +1141,11 @@ static int SSLRegisterPatternsForProtocolDetection(void)
     }
 
     /** TLSv1.2 */
+    if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
+                                               "|15 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
+    {
+        return -1;
+    }
     if (AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP, ALPROTO_TLS,
                                                "|16 03 03|", 3, 0, STREAM_TOCLIENT) < 0)
     {